package org.i1510.common.service.CxfInterceptor;

import java.io.IOException;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

public class WsInAuthHandler implements CallbackHandler {

	public void handle(Callback[] callbacks) throws IOException,
			UnsupportedCallbackException {
		WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
		if (pc.getIdentifier().equals("admin")) {
			if (!pc.getPassword().equals("123456")) {
				// 身份认证验证，如果密码不是admin，就报出异常
				throw new SecurityException("wrong password");
			}
		} else {
			// 用户名不对，只有ws-client才有访问控制的权限
			throw new SecurityException("wrong username");
		}
	}

}